Secure access to virtual machines in heterogeneous cloud environments
Abstract
Systems, methods, and computer-readable media provide for secure access to virtual machines in heterogeneous cloud environments. In an example embodiment, client credentials, such as a public key of a public-private key pair, are provided to a virtual machine in a first cloud, such as a private cloud. The virtual machine can be migrated from the first cloud to a second cloud, such as one of a plurality of heterogeneous public clouds. The virtual machine in the second cloud can be accessed from the first cloud via Secure Shell (SSH) authentication using the client credentials. The client credentials can be updated, and the updated client credentials can be used for subsequent SSH access to the virtual machine in the second cloud.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method comprising:
generating a first public-private key pair including a first public key and a first private key for a first virtual machine;
inserting the first public key in the first virtual machine while the first virtual machine is in a first network environment;
detecting a migration of the first virtual machine to a second network environment;
accessing the first virtual machine from the second network environment based on the first private key;
generating a second public-private key pair including a second public key and a second private key; and
replacing the first public key in the first virtual machine with the second public key while the first virtual machine is in the second network environment and accessed based on the first private key.
2. The method of claim 1 , wherein the first public-private key pair is generated using a public-key algorithm.
3. The method of claim 1 , wherein the first public-private key pair is unique to the first virtual machine.
4. The method of claim 1 , wherein the first public-private key pair is inserted in a second virtual machine, the second virtual machine migrating from the first network environment to the second network environment.
5. The method of claim 1 , wherein the first network environment is a private cloud.
6. The method of claim 1 , wherein the second network environment is a public cloud.
7. The method of claim 1 , further comprising:
converting an image of the first virtual machine to a raw image format;
converting the raw image to a format of the second network environment; and
uploading the converted raw image to the second network environment.
8. The method of claim 1 , wherein the accessing further comprising:
receiving a challenge to access the first virtual machine in the second network environment;
encrypting the challenge with the first private key; and
sending the encrypted challenge.
9. The method of claim 1 , further comprising:
generating a first host key;
inserting the first host key into the virtual machine in the first network environment;
receiving a public portion of the first host key;
authenticating, using the public portion of the first host key, the first virtual machine;
generating a second host key; and
replacing the first host key with the second host key while the first virtual machine is in the second network environment.
10. A system comprising:
at least one processor; and
at least one memory storing instructions, which when executed by the at least one processor, causes the at least one processor to:
generate a first public-private key pair including a first public key and a first private key for a first virtual machine;
insert the first public key in the first virtual machine while the first virtual machine is in a first network environment;
detect a migration of the first virtual machine to a second network environment;
access the first virtual machine from the second network environment based on the first private key;
generate a second public-private key pair including a second public key and a second private key; and
replace the first public key in the first virtual machine with the second public key while the first virtual machine is in the second network environment and accessed based on the first private key.
11. The system of claim 10 , wherein the first public-private key pair is unique to the first virtual machine.
12. The system of claim 10 , wherein the first public-private key pair is inserted in a second virtual machine, the second virtual machine migrating from the first network environment to the second network environment.
13. The system of claim 10 , further comprising instructions, which when executed causes the at least one processor to:
convert an image of the first virtual machine to a raw image format;
convert the raw image to a format of the second network environment; and
upload the converted raw image to the second network environment.
14. The system of claim 10 , wherein the accessing further comprising instructions, which when executed causes the at least one processor to:
receive a challenge to access the first virtual machine in the second network environment;
encrypt the challenge with the first private key; and
send the encrypted challenge.
15. The system of claim 10 , further comprising instructions, which when executed causes the at least one processor to:
generate a first host key;
insert the first host key into the virtual machine in the first network environment;
receive a public portion of the first host key;
authenticate, using the public portion of the first host key, the first virtual machine;
generate a second host key; and
replace the first host key with the second host key while the first virtual machine is in the second network environment.
16. At least one non-transitory computer-readable medium storing instructions, which when executed by at least one processor, causes the at least one processor to:
generate a first public-private key pair including a first public key and a first private key for a first virtual machine;
insert the first public key in the first virtual machine while the first virtual machine is in a first network environment;
detect a migration of the first virtual machine to a second network environment;
access the first virtual machine from the second network environment based on the first private key;
generate a second public-private key pair including a second public key and a second private key; and
replace the first public key in the first virtual machine with the second public key while the first virtual machine is in the second network environment and accessed based on the first private key.
17. The at least one non-transitory computer-readable medium of claim 16 , wherein the first public-private key pair is unique to the first virtual machine.
18. The at least one non-transitory computer-readable medium of claim 16 , further comprising instructions, which when executed causes the at least one processor to:
convert an image of the first virtual machine to a raw image format;
convert the raw image to a format of the second network environment; and
upload the converted raw image to the second network environment.
19. The at least one non-transitory computer-readable medium of claim 16 , wherein the accessing further comprising instructions, which when executed causes the at least one processor to:
receive a challenge to access the first virtual machine in the second network environment;
encrypt the challenge with the first private key; and
send the encrypted challenge.
20. The at least one non-transitory computer-readable medium of claim 16 , further comprising instructions, which when executed causes the at least one processor to:
generate a first host key;
insert the first host key into the virtual machine in the first network environment;
receive a public portion of the first host key;
authenticate, using the public portion of the first host key, the first virtual machine;
generate a second host key; and
replace the first host key with the second host key while the first virtual machine is in the second network environment.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.